API Reference — AegisOS Comply

Authentication

Bearer Token

All API requests must include an Authorization header.
Dashboard users: Authorization: Bearer <jwt_token>
AI agents (SDK): Authorization: Bearer aegis_sk_<your_api_key>
Requests without a valid token return 401 Unauthorized.

Intents

POST /v1/intents Submit a spend intent for policy evaluation

Submits a new AI spend intent. Returns 202 Accepted immediately. The policy engine evaluates asynchronously and updates the intent status.

Field	Type	Description
agentIdrequired	string (UUID)	The registered agent submitting this intent.
amountrequired	number	Spend amount in the specified currency.
currencyrequired	string	ISO 4217 currency code (e.g. INR, USD, EUR).
reasonrequired	string	Human-readable description of the intended spend.
confidenceoptional	number (0–1)	AI confidence score for this decision. Defaults to 1.0.
merchantoptional	string	Merchant name or domain.
merchantCategoryoptional	string	Merchant category code or label.
metadataoptional	object	Arbitrary key-value pairs attached to the intent.

Response 202
{
  "id":             "int_9f3a2b...",
  "status":         "pending",
  "amount":         5000,
  "currency":       "INR",
  "policyDecision": null,
  "createdAt":      "2026-03-05T10:00:00Z"
}

GET /v1/intents/:id Get a single intent by ID

Returns the current state of an intent including its policy decision, approvals, and audit references.

Response 200
{
  "id":             "int_9f3a2b...",
  "status":         "approved",
  "amount":         5000,
  "currency":       "INR",
  "policyDecision": "allow",
  "matchedPolicy":  "Default Allow",
  "riskScore":      0.12,
  "createdAt":      "2026-03-05T10:00:00Z",
  "updatedAt":      "2026-03-05T10:00:01Z"
}

GET /v1/intents List intents with filtering

Returns a paginated list of intents for your organisation. Supports filtering by status, agent, and date range.

Query Param	Type	Description
status	string	Filter by status: pending, approved, denied, pending_approval.
agentId	string	Filter by agent.
from	ISO date	Start of date range.
to	ISO date	End of date range.
limit	number	Results per page (max 100, default 20).
offset	number	Pagination offset.

Approvals

GET /v1/approvals List pending approval requests

Returns all open approval requests assigned to the authenticated user or their role. Sorted by expiry time ascending.

POST /v1/approvals/:id/respond Approve or reject an intent

Submits a finance team response to a pending approval request. Requires the approvals:respond permission.

Field	Type	Description
decisionrequired	string	"approve" or "reject"
noteoptional	string	Reason for the decision (recorded in audit log).

Policies

GET /v1/policies List all policies

Returns all active and inactive policies for your organisation, ordered by priority descending.

POST /v1/policies Create a new policy

Creates a new policy rule. Policies are evaluated in priority order (highest first) against every incoming intent.

Field	Type	Description
namerequired	string	Display name for the policy.
priorityrequired	number	Evaluation order. Higher numbers evaluated first.
actionrequired	string	"allow", "deny", or "require_approval".
rules.conditionsrequired	array	List of conditions (field, operator, value).
rules.matchrequired	string	"all" (AND) or "any" (OR).
isActiveoptional	boolean	Whether to activate immediately. Default: true.

Example request body
{
  "name":     "Block weekend high-value spend",
  "priority": 80,
  "action":   "deny",
  "rules": {
    "match": "all",
    "conditions": [
      { "field": "amount",      "operator": "gte",        "value": 50000 },
      { "field": "day_of_week", "operator": "in",         "value": ["saturday","sunday"] }
    ]
  }
}

Audit Logs

GET /v1/audit List audit log entries

Returns paginated audit log entries for your organisation. Each entry includes a checksum and a reference to the previous entry — forming a verifiable chain.

GET /v1/audit/export Export audit trail in compliance format

Exports the full audit trail in a regulator-accepted format. Requires the audit:export permission.

Query Param	Type	Description
formatrequired	string	"json" or "csv"
standardrequired	string	"generic", "rbi", "eu_ai_act", or "sox"
fromoptional	ISO date	Start of export range.
tooptional	ISO date	End of export range.

Agents

GET /v1/agents List all registered agents

Returns all AI agents registered to your organisation, including their risk level, status, and wallet balance.

POST /v1/agents Register a new agent

Field	Type	Description
namerequired	string	Human-readable agent name.
descriptionoptional	string	Description of the agent's role.
riskLeveloptional	string	"low", "medium", "high". Default: "medium".
dailyLimitoptional	number	Maximum daily spend (in base currency).
monthlyLimitoptional	number	Maximum monthly spend.

Analytics

GET /v1/analytics/spend Spend totals and trend

Returns total spend, intent count, approval/denial breakdown, and period-over-period trend for your organisation.

Query Param	Type	Description
daysoptional	number	Lookback window in days. Default: 30.
agentIdoptional	string	Filter to a specific agent.

GET /v1/analytics/approval-time Approval turnaround metrics

Returns average, minimum, and maximum approval time, plus total responded, approved, and rejected counts for the specified period.